
Understanding Types of SSL Certificates, Their Validation Process and Points to Consider Before Buying Them

When someone purchases anything over the internet and pays through online banking or via other payment options like PayPal, 2checkout, etc., his/her personal information is transmitted, and if it is not encrypted it is at particularly high risk. The SSL (Secure Sockets Layer) protocol secures the transmission of information between the website behind a domain name and its visitors. This means that the account information entered by an individual while shopping online should safely arrive on the server of the shop owner without any third party gaining unauthorized access to it.

Also, many of you would’ve noticed a sudden increase in the number of online attacks happening over the web recently. There are numerous types of attacks like phishing, spamming, eavesdropping etc. that can jeopardize your website, causing irreversible damage to your online reputation. SSL Certificates not only provide a security shield against such attacks, but also help create an aura of trust and a sense of security in your customers’ minds that you’re a credible organization validated by a proper certification authority and that it’s safe for them to share their data with you. The video below will help you get a detailed idea of how an SSL certificate works, and will likely solve most of your queries:

However, a blind trust in SSL Certificates can be dangerous. A website that displays an SSL certificate should be reliable and recognized by an authorized certificate authority.

Self-Signed SSL does not provide complete protection
There are many self-signed SSL encrypted websites out there that aren’t safe for secure transmission of your sensitive data. A Self-Signed Certificate is less trustworthy because it is signed by an individual and not by a trusted authority.

  • Such certificates have nothing to do with the identity of the person or organization that actually performed the signing procedure.
  • Self-Signed certificates aren’t trusted by other applications/operating systems. This may lead to authentication errors when a visitor lands on a website.
  • They use low hash and cipher technologies. Due to this, the security level implemented by self-signed certificates may not satisfy current security policies.

So, when you buy an SSL certificate for your e-commerce business, always pay attention to two main points:

  • SSL certificate provider – When you decide to purchase an SSL certificate for your e-commerce business, you should check the reviews of the certificate provider and examine which company is serious about the security of your data. Also, check some other criteria, like whether the IT processes within the company are ISO 27001 certified or not.
  • Choose the right product – Always remember, expensive ≠ quality. There are various types of SSL certificates available in the competitive market, and not every one of them is right for you. So evaluate your business requirements properly and then come to a decision as to which certificate can fulfill them best. There are many SSL wizards out there that can help you with this.

Once you’ve bought an SSL Certificate from a reputed organization, take care of two things:

  • When your certificate is going to expire, your SSL provider will send you a notice for its renewal. You should not be careless about such warnings. Visitors tend to move away from websites having expired security certificates. While renewing your certificate, your email address or web address should be the same as the one you had while applying for the SSL certificate. Continuously ignoring such warnings can have a negative impact on your business in the long run.
  • Buying an SSL certificate is not enough. You must take proper steps to ensure proper implementation of the SSL protocol on your website. Have a look at the common errors people make while installing SSL Certificates on their website.
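The self-signed and renewal points above can be checked locally with the openssl command-line tool. The script below is an added example, not part of the original article: it builds constructed test certificates (example.test and a throwaway "Constructed Test CA"), and the function names are chosen here for illustration.

```shell
#!/bin/sh
# Added example; every certificate and name below is constructed test data.

# True when issuer == subject and the signature verifies under the
# certificate's own key, i.e. no outside authority vouched for it.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ] &&
        openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# True when the certificate expires within $2 days (renewal is due).
expires_within_days() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Prints the signature algorithm, e.g. sha256WithRSAEncryption.
sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1
}

# Builds constructed samples in directory $1: a self-signed certificate
# valid for 10 days, and a leaf signed by a throwaway test CA for 365 days.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 10 \
        -subj "/CN=example.test" -keyout "$1/self.key" -out "$1/self.pem" &&
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=Constructed Test CA" -keyout "$1/ca.key" -out "$1/ca.pem" &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=shop.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -sha256 -days 365 -out "$1/leaf.pem"
}

# One-line summary per certificate, using a 30-day renewal window.
report() {
    is_self_signed "$1" && kind="self-signed" || kind="CA-issued"
    expires_within_days "$1" 30 && due="renew now" || due="ok"
    echo "$1: $kind, expiry: $due, signature: $(sig_alg "$1")"
}

work=$(mktemp -d)
make_samples "$work" 2>/dev/null
report "$work/self.pem"
report "$work/leaf.pem"
```

To check a deployed site rather than a local file, save the certificate the server presents to a PEM file first and pass that file to the same functions.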

Differences in certificate validation:

There are different processes for examining the authenticity of a website owner’s identity; some authorities do verification via telephone, while some examine the documents of an organization. Without checking or examining the identity, a certificate cannot be issued. Different types of SSL certificates have different validation processes:

  • Domain validation certificates: For domain validation, the certification body only checks whether the applicant is the owner of the domain. A message is sent to the administrative e-mail address of a domain, and it must be acknowledged to confirm ownership. The risk of deception for these certificates is relatively high.
  • Organization Validation certificates: In these cases, additional corporate data, like the name and full address of the organization, is thoroughly checked.

Wrapping Things Up
As I mentioned in one of my previous articles, SSL is a powerful tool for protecting not only your users’ data, but also their confidence in you. It’s the first thing a user will look for when deciding whether or not to trust a site, but it doesn’t cover all the security issues. It’s just one aspect of a greater effort. SSL protects data during one specific period of time, but that time isn’t the only window of opportunity that an attacker has to strike. Proper installation must be done to ensure that when you employ SSL you don’t render it redundant by neglecting to examine your systems for weaknesses in other key areas. It should never be assumed that a system is secure. A system should be proven to be secure by proactively seeking out weaknesses and eliminating them.


How to Choose the Right and Best SSL Certificate Provider - 10 Simple Tips

With the number of online scams and frauds multiplying day by day, the need for SSL certificates to validate the credibility of a website is on the rise. Most eBusiness owners are well aware of this fact and take proper steps to present their website as reliable and trustworthy by displaying trusted symbols of web security on their online eCommerce platforms.

However, there is a major problem when it comes to picking the right SSL certificate provider. Most people, when looking for an SSL certificate provider, put their first foot forward with Google, which is perfectly alright, but the problem arises when they search using terms like cheap, cheapest, less price, best price, discount, best deal and…you get the picture. And here is the thing: a quality SSL certificate with the strongest encryption technology to build trust, boost confidence and increase conversions does not come at the cheapest price.

Purchasing the SSL Certificate which is the cheapest among the lot will probably save you a few bucks, but it won’t bring with it 24/7 technical support and admin management tools to manage all your web security needs in one place. Yes, price is a major factor and one must go for an SSL certificate which best suits his budgetary constraints, but price is only one of many factors, which are perhaps equally, if not more, important in the larger scheme of things.

Here is a quick list of factors you need to consider before choosing an SSL Certificate Provider that best fits your needs:

Make sure that the SSL provider has a valid EV SSL Certificate themselves.
There are plenty of SSL resellers out there who’ll fulfil your security needs at a very cheap price, but a little background research will tell you that most of them are fly-by-night companies who cannot even get an Extended Validation (EV) SSL themselves after being authenticated and approved by a third party certificate authority. Go for a provider with a Green bar. It’s the most basic prerequisite.

Make sure that the SSL provider has dedicated phone support.
When a major portion of your business is online it’s a certainty that at some point you will experience technical issues since web servers are a core part of doing business online. Choose an SSL provider you can call at 3 in the night and have your problems rectified.

Make sure that the SSL provider has a valid mailing address.
Again, when you’re doing business on the web, don’t select a provider who is working from a virtual office or out of their home. Make sure they have a valid mailing address.

Make sure that the SSL provider focuses only on SSL.
If a provider is adding SSL offerings to a multitude of products they already offer to munch on a little extra money, then it is not set up appropriately to manage the support needs of its SSL customers, and choosing them is the worst decision you’ll ever make. Go for an SSL provider dedicated and focused solely on SSL certificates.

Make sure that the SSL provider offers multiple SSL brands.
A provider offering a single brand of SSL cannot offer unbiased suggestions for all your SSL security needs and will always recommend that single SSL brand regardless of whether it fits your needs or not. Go for a provider that offers you a wide portfolio of SSL brand options to choose from.

Make sure that the SSL provider offers true 24/7/365 live support.
Run a thorough check and make sure that the SSL provider you plan to go for provides 24/7 support via chat, phone and email accommodating all time zones.

Make sure that there is a reference letter available from the vendor for the SSL provider.
Always ask for reference letters and, if possible, visible confirmation of the relationship between the reseller and the certificate authority. You know Barack Obama, but does he know you?

Make sure that the SSL provider has an auto SSL renewal system.
Not all, but many SSL providers lack a proper management program to handle client orders, communication preferences and billing systems, and don’t keep track of the expiry dates of their customers’ certificates, which results in sites losing their certificate when it expires, thereby coming across as unencrypted, untrusted and insecure to website visitors. Pick a provider who promises to remind you before your SSL certificate expires.

Make sure that the SSL provider offers a money back guarantee.
A litmus test to check the credibility of a provider. If a provider doesn’t offer at least a 30 day timeline to submit a cancellation request and get a full refund in case you aren’t satisfied with their services, that’s as big as a red flag gets.

Make sure that the SSL provider offers SSL tools to confirm SSL installation.
Go for a provider that provides SSL tools to authenticate SSL security features and to confirm whether the SSL has been installed on the web server or not.

In addition to the points listed above, always check the reputation of your provider online. Search for their reviews not only on their websites, but also on forums that are well outside their control. No one is in a better position to comment on the quality of their services than people who’ve had first-hand experience of working with them.